Hugging Face's logo

Spaces:
S-Dreamer
/
playbook-execution
Running

App Files Community
S-Dreamer commited on
Commit
c99f4ff
·
verified ·
1 Parent(s): 89124db

Add 2 files

Browse files
Files changed (2) hide show
  1. index.html +455 -670
  2. prompts.txt +1 -0
index.html CHANGED
@@ -3,752 +3,537 @@
3
  <head>
4
  <meta charset="UTF-8">
5
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
- <title>SOAR Platform</title>
7
  <script src="https://cdn.tailwindcss.com"></script>
 
8
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
 
 
 
9
  <style>
10
- .sidebar {
11
- transition: all 0.3s ease;
 
 
 
12
  }
13
- .sidebar.collapsed {
14
- width: 70px;
 
 
15
  }
16
- .sidebar.collapsed .sidebar-text {
17
- display: none;
 
 
18
  }
19
- .sidebar.collapsed .logo-text {
20
- display: none;
 
 
 
 
21
  }
22
- .sidebar.collapsed .nav-item {
23
- justify-content: center;
 
 
 
 
 
 
 
 
 
24
  }
25
- .main-content {
26
- transition: all 0.3s ease;
 
27
  }
28
- .main-content.expanded {
29
- margin-left: 70px;
 
30
  }
31
- .severity-critical {
32
- background-color: #f87171;
 
 
33
  }
34
- .severity-high {
35
- background-color: #fca5a5;
36
  }
37
- .severity-medium {
38
- background-color: #fcd34d;
 
39
  }
40
- .severity-low {
41
- background-color: #86efac;
42
  }
43
- .severity-info {
44
- background-color: #93c5fd;
 
45
  }
46
- .playbook-step {
47
- border-left: 4px solid #3b82f6;
48
  }
49
- .json-viewer {
50
- font-family: monospace;
51
- white-space: pre;
52
- background-color: #f3f4f6;
53
- padding: 1rem;
54
- border-radius: 0.5rem;
55
- max-height: 300px;
56
- overflow-y: auto;
 
 
 
 
 
 
 
 
 
 
 
 
57
  }
58
  </style>
59
  </head>
60
- <body class="bg-gray-100">
61
- <div class="flex h-screen overflow-hidden">
62
- <!-- Sidebar -->
63
- <div id="sidebar" class="sidebar bg-gray-800 text-white w-64 flex flex-col">
64
- <div class="p-4 flex items-center space-x-2 border-b border-gray-700">
65
- <i class="fas fa-shield-alt text-blue-400 text-2xl"></i>
66
- <span class="logo-text text-xl font-bold">SOAR Platform</span>
 
 
67
  </div>
68
- <div class="flex-1 overflow-y-auto">
69
- <nav class="p-4 space-y-2">
70
- <a href="#" class="nav-item flex items-center space-x-3 p-2 rounded hover:bg-gray-700 bg-gray-700">
71
- <i class="fas fa-tachometer-alt"></i>
72
- <span class="sidebar-text">Dashboard</span>
73
- </a>
74
- <a href="#" class="nav-item flex items-center space-x-3 p-2 rounded hover:bg-gray-700">
75
- <i class="fas fa-bolt"></i>
76
- <span class="sidebar-text">Trigger Events</span>
77
- </a>
78
- <a href="#" class="nav-item flex items-center space-x-3 p-2 rounded hover:bg-gray-700">
79
- <i class="fas fa-book"></i>
80
- <span class="sidebar-text">Playbooks</span>
81
- </a>
82
- <a href="#" class="nav-item flex items-center space-x-3 p-2 rounded hover:bg-gray-700">
83
- <i class="fas fa-history"></i>
84
- <span class="sidebar-text">Executions</span>
85
- </a>
86
- <a href="#" class="nav-item flex items-center space-x-3 p-2 rounded hover:bg-gray-700">
87
- <i class="fas fa-cog"></i>
88
- <span class="sidebar-text">Settings</span>
89
- </a>
90
- </nav>
91
- <div class="p-4 border-t border-gray-700">
92
- <h3 class="sidebar-text text-xs uppercase font-semibold text-gray-400 mb-2">Quick Actions</h3>
93
- <div class="space-y-2">
94
- <button onclick="showCreatePlaybookModal()" class="w-full flex items-center space-x-3 p-2 rounded hover:bg-gray-700 text-sm">
95
- <i class="fas fa-plus"></i>
96
- <span class="sidebar-text">New Playbook</span>
97
- </button>
98
- <button onclick="showTriggerEventModal()" class="w-full flex items-center space-x-3 p-2 rounded hover:bg-gray-700 text-sm">
99
- <i class="fas fa-play"></i>
100
- <span class="sidebar-text">Trigger Event</span>
101
- </button>
102
- </div>
103
- </div>
104
- </div>
105
- <div class="p-4 border-t border-gray-700 flex items-center justify-between">
106
- <div class="flex items-center space-x-3">
107
- <div class="w-8 h-8 rounded-full bg-blue-500 flex items-center justify-center">
108
- <span class="text-white font-bold">AD</span>
109
- </div>
110
- <div class="sidebar-text">
111
- <div class="font-medium">Admin User</div>
112
- <div class="text-xs text-gray-400">admin@soar.local</div>
113
- </div>
114
- </div>
115
- <button onclick="toggleSidebar()" class="text-gray-400 hover:text-white">
116
- <i class="fas fa-chevron-left"></i>
117
  </button>
118
  </div>
119
- </div>
120
 
121
- <!-- Main Content -->
122
- <div id="main-content" class="main-content flex-1 overflow-auto">
123
- <!-- Top Navigation -->
124
- <header class="bg-white shadow-sm">
125
- <div class="px-4 py-3 flex items-center justify-between">
126
- <div class="flex items-center space-x-4">
127
- <button onclick="toggleSidebar()" class="text-gray-600 hover:text-gray-900">
128
- <i class="fas fa-bars"></i>
129
- </button>
130
- <h1 class="text-xl font-semibold text-gray-800">Playbook Executions</h1>
131
- </div>
132
- <div class="flex items-center space-x-4">
133
- <div class="relative">
134
- <input type="text" placeholder="Search..." class="pl-10 pr-4 py-2 border rounded-lg focus:outline-none focus:ring-2 focus:ring-blue-500">
135
- <i class="fas fa-search absolute left-3 top-3 text-gray-400"></i>
136
  </div>
137
- <button class="p-2 text-gray-600 hover:text-gray-900 relative">
138
- <i class="fas fa-bell"></i>
139
- <span class="absolute top-0 right-0 w-2 h-2 bg-red-500 rounded-full"></span>
140
- </button>
141
  </div>
142
- </div>
143
- </header>
144
-
145
- <!-- Content -->
146
- <main class="p-6">
147
- <!-- Stats Cards -->
148
- <div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-6">
149
- <div class="bg-white rounded-lg shadow p-6">
150
- <div class="flex items-center justify-between">
151
- <div>
152
- <p class="text-gray-500">Total Events</p>
153
- <h3 class="text-2xl font-bold">1,248</h3>
154
- </div>
155
- <div class="p-3 rounded-full bg-blue-100 text-blue-600">
156
- <i class="fas fa-bolt"></i>
157
  </div>
 
158
  </div>
159
- </div>
160
- <div class="bg-white rounded-lg shadow p-6">
161
- <div class="flex items-center justify-between">
162
- <div>
163
- <p class="text-gray-500">Active Playbooks</p>
164
- <h3 class="text-2xl font-bold">42</h3>
165
- </div>
166
- <div class="p-3 rounded-full bg-green-100 text-green-600">
167
- <i class="fas fa-book"></i>
168
  </div>
 
169
  </div>
170
- </div>
171
- <div class="bg-white rounded-lg shadow p-6">
172
- <div class="flex items-center justify-between">
173
- <div>
174
- <p class="text-gray-500">Today's Executions</p>
175
- <h3 class="text-2xl font-bold">87</h3>
176
- </div>
177
- <div class="p-3 rounded-full bg-purple-100 text-purple-600">
178
- <i class="fas fa-history"></i>
179
  </div>
 
180
  </div>
181
  </div>
182
- <div class="bg-white rounded-lg shadow p-6">
183
- <div class="flex items-center justify-between">
184
- <div>
185
- <p class="text-gray-500">Avg Response Time</p>
186
- <h3 class="text-2xl font-bold">2.4s</h3>
 
 
 
187
  </div>
188
- <div class="p-3 rounded-full bg-yellow-100 text-yellow-600">
189
- <i class="fas fa-stopwatch"></i>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
190
  </div>
191
  </div>
192
  </div>
193
  </div>
 
194
 
195
- <!-- Recent Executions -->
196
- <div class="bg-white rounded-lg shadow overflow-hidden mb-6">
197
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
198
- <h2 class="text-lg font-semibold text-gray-800">Recent Executions</h2>
199
- <button class="text-blue-600 hover:text-blue-800 text-sm font-medium">View All</button>
200
- </div>
201
- <div class="overflow-x-auto">
202
- <table class="min-w-full divide-y divide-gray-200">
203
- <thead class="bg-gray-50">
204
- <tr>
205
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Execution ID</th>
206
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Playbook</th>
207
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Trigger Event</th>
208
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
209
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Duration</th>
210
- <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Actions</th>
211
- </tr>
212
- </thead>
213
- <tbody class="bg-white divide-y divide-gray-200">
214
- <tr>
215
- <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">#EX-1001</td>
216
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Credential Dumping Response</td>
217
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">EVT-2023-06-15-001</td>
218
- <td class="px-6 py-4 whitespace-nowrap">
219
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-green-100 text-green-800">Completed</span>
220
- </td>
221
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">4.2s</td>
222
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
223
- <button onclick="showExecutionDetails('EX-1001')" class="text-blue-600 hover:text-blue-900 mr-3"><i class="fas fa-eye"></i></button>
224
- <button class="text-gray-600 hover:text-gray-900"><i class="fas fa-redo"></i></button>
225
- </td>
226
- </tr>
227
- <tr>
228
- <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">#EX-1000</td>
229
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Ransomware Detection</td>
230
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">EVT-2023-06-15-002</td>
231
- <td class="px-6 py-4 whitespace-nowrap">
232
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-yellow-100 text-yellow-800">Running</span>
233
- </td>
234
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">12.7s</td>
235
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
236
- <button onclick="showExecutionDetails('EX-1000')" class="text-blue-600 hover:text-blue-900 mr-3"><i class="fas fa-eye"></i></button>
237
- <button class="text-red-600 hover:text-red-900"><i class="fas fa-stop"></i></button>
238
- </td>
239
- </tr>
240
- <tr>
241
- <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">#EX-0999</td>
242
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Phishing Response</td>
243
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">EVT-2023-06-14-005</td>
244
- <td class="px-6 py-4 whitespace-nowrap">
245
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-green-100 text-green-800">Completed</span>
246
- </td>
247
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">2.1s</td>
248
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
249
- <button onclick="showExecutionDetails('EX-0999')" class="text-blue-600 hover:text-blue-900 mr-3"><i class="fas fa-eye"></i></button>
250
- <button class="text-gray-600 hover:text-gray-900"><i class="fas fa-redo"></i></button>
251
- </td>
252
- </tr>
253
- <tr>
254
- <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">#EX-0998</td>
255
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Brute Force Protection</td>
256
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">EVT-2023-06-14-003</td>
257
- <td class="px-6 py-4 whitespace-nowrap">
258
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-red-100 text-red-800">Failed</span>
259
- </td>
260
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">8.5s</td>
261
- <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
262
- <button onclick="showExecutionDetails('EX-0998')" class="text-blue-600 hover:text-blue-900 mr-3"><i class="fas fa-eye"></i></button>
263
- <button class="text-gray-600 hover:text-gray-900"><i class="fas fa-redo"></i></button>
264
- </td>
265
- </tr>
266
- </tbody>
267
- </table>
268
- </div>
269
- </div>
270
-
271
- <!-- Recent Events -->
272
- <div class="bg-white rounded-lg shadow overflow-hidden">
273
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
274
- <h2 class="text-lg font-semibold text-gray-800">Recent Security Events</h2>
275
- <button class="text-blue-600 hover:text-blue-800 text-sm font-medium">View All</button>
276
  </div>
277
- <div class="divide-y divide-gray-200">
278
- <div class="p-4 hover:bg-gray-50 cursor-pointer" onclick="showEventDetails('EVT-2023-06-15-001')">
279
- <div class="flex items-start">
280
- <div class="flex-shrink-0 pt-1">
281
- <div class="severity-high h-3 w-3 rounded-full"></div>
 
 
 
282
  </div>
283
- <div class="ml-3 flex-1">
284
- <div class="flex items-center justify-between">
285
- <p class="text-sm font-medium text-gray-900">Credential dumping detected</p>
286
- <p class="text-sm text-gray-500">2 min ago</p>
287
- </div>
288
- <p class="text-sm text-gray-500">Host: WIN-SERVER-01 (192.168.1.100)</p>
 
289
  </div>
 
 
 
 
 
 
 
290
  </div>
291
  </div>
292
- <div class="p-4 hover:bg-gray-50 cursor-pointer" onclick="showEventDetails('EVT-2023-06-15-002')">
293
- <div class="flex items-start">
294
- <div class="flex-shrink-0 pt-1">
295
- <div class="severity-critical h-3 w-3 rounded-full"></div>
 
296
  </div>
297
- <div class="ml-3 flex-1">
298
- <div class="flex items-center justify-between">
299
- <p class="text-sm font-medium text-gray-900">Ransomware activity detected</p>
300
- <p class="text-sm text-gray-500">15 min ago</p>
301
- </div>
302
- <p class="text-sm text-gray-500">Host: WIN-WORKSTATION-42 (192.168.1.42)</p>
 
303
  </div>
 
 
 
 
 
 
304
  </div>
305
  </div>
306
- <div class="p-4 hover:bg-gray-50 cursor-pointer" onclick="showEventDetails('EVT-2023-06-14-005')">
307
- <div class="flex items-start">
308
- <div class="flex-shrink-0 pt-1">
309
- <div class="severity-medium h-3 w-3 rounded-full"></div>
 
310
  </div>
311
- <div class="ml-3 flex-1">
312
- <div class="flex items-center justify-between">
313
- <p class="text-sm font-medium text-gray-900">Phishing email reported</p>
314
- <p class="text-sm text-gray-500">3 hours ago</p>
315
- </div>
316
- <p class="text-sm text-gray-500">User: jsmith@domain.com</p>
 
 
 
 
 
317
  </div>
 
 
 
 
 
 
 
318
  </div>
319
  </div>
320
- <div class="p-4 hover:bg-gray-50 cursor-pointer" onclick="showEventDetails('EVT-2023-06-14-003')">
321
- <div class="flex items-start">
322
- <div class="flex-shrink-0 pt-1">
323
- <div class="severity-high h-3 w-3 rounded-full"></div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
324
  </div>
325
- <div class="ml-3 flex-1">
326
- <div class="flex items-center justify-between">
327
- <p class="text-sm font-medium text-gray-900">Brute force attack detected</p>
328
- <p class="text-sm text-gray-500">5 hours ago</p>
 
329
  </div>
330
- <p class="text-sm text-gray-500">Source IP: 45.227.253.109</p>
 
 
331
  </div>
332
  </div>
333
  </div>
334
  </div>
335
  </div>
336
- </main>
337
- </div>
338
- </div>
339
-
340
- <!-- Modals -->
341
- <!-- Create Playbook Modal -->
342
- <div id="create-playbook-modal" class="fixed inset-0 bg-gray-600 bg-opacity-50 flex items-center justify-center hidden z-50">
343
- <div class="bg-white rounded-lg shadow-xl w-full max-w-4xl">
344
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
345
- <h3 class="text-lg font-semibold text-gray-800">Create New Playbook</h3>
346
- <button onclick="hideModal('create-playbook-modal')" class="text-gray-400 hover:text-gray-500">
347
- <i class="fas fa-times"></i>
348
- </button>
349
  </div>
350
- <div class="p-6">
351
- <div class="grid grid-cols-1 md:grid-cols-2 gap-6 mb-6">
352
- <div>
353
- <label class="block text-sm font-medium text-gray-700 mb-1">Playbook ID</label>
354
- <input type="text" class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="e.g., credential-dumping-response">
355
- </div>
356
- <div>
357
- <label class="block text-sm font-medium text-gray-700 mb-1">Playbook Name</label>
358
- <input type="text" class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="e.g., Credential Dumping Response">
359
- </div>
360
- </div>
361
- <div class="mb-6">
362
- <label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
363
- <textarea class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" rows="3" placeholder="Describe what this playbook does..."></textarea>
364
- </div>
365
- <div class="mb-6">
366
- <label class="block text-sm font-medium text-gray-700 mb-1">Trigger Type</label>
367
- <select class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
368
- <option>Log Event</option>
369
- <option>Alert</option>
370
- <option>API Call</option>
371
- <option>Schedule</option>
372
- </select>
373
- </div>
374
- <div class="mb-6">
375
- <label class="block text-sm font-medium text-gray-700 mb-1">Trigger Condition (Jinja2 Template)</label>
376
- <textarea class="w-full font-mono text-sm border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" rows="4" placeholder="event.log.source == 'Security' and event.log.event_id == 4688">event.log.source == 'Security' and 'sekurlsa::logonpasswords' in event.log.message</textarea>
377
- </div>
378
- <div class="mb-6">
379
- <label class="block text-sm font-medium text-gray-700 mb-1">Tags</label>
380
- <div class="flex flex-wrap gap-2">
381
- <span class="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-blue-100 text-blue-800">credential-access</span>
382
- <span class="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-green-100 text-green-800">t1003</span>
383
- <span class="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-purple-100 text-purple-800">windows</span>
384
- <button class="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-gray-100 text-gray-800">
385
- <i class="fas fa-plus mr-1"></i> Add Tag
386
- </button>
387
- </div>
388
- </div>
389
- <div class="mb-6">
390
- <div class="flex justify-between items-center mb-2">
391
- <label class="block text-sm font-medium text-gray-700">Steps</label>
392
- <button onclick="addPlaybookStep()" class="text-sm text-blue-600 hover:text-blue-800 font-medium">
393
- <i class="fas fa-plus mr-1"></i> Add Step
394
- </button>
395
  </div>
396
- <div id="playbook-steps" class="space-y-4">
397
- <div class="playbook-step p-4 bg-gray-50 rounded-lg">
398
- <div class="flex justify-between items-start mb-2">
399
- <div class="w-full">
400
- <label class="block text-sm font-medium text-gray-700 mb-1">Action</label>
401
- <select class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
402
- <option>Notify</option>
403
- <option>EDR Isolate</option>
404
- <option>Create Ticket</option>
405
- <option>Run Script</option>
406
- <option>Block IP</option>
407
- </select>
 
 
408
  </div>
409
- <button class="ml-2 text-red-500 hover:text-red-700 mt-7">
410
- <i class="fas fa-trash"></i>
411
- </button>
412
- </div>
413
- <div class="mb-2">
414
- <label class="block text-sm font-medium text-gray-700 mb-1">Name</label>
415
- <input type="text" class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Step name">
416
  </div>
417
- <div>
418
- <label class="block text-sm font-medium text-gray-700 mb-1">Parameters (YAML)</label>
419
- <textarea class="w-full font-mono text-sm border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" rows="4" placeholder="channel: 'soc_teams'
420
- message: 'Credential dumping detected on {{ event.host }}'">channel: 'soc_teams'
421
- message: 'Credential dumping detected on {{ event.host }}'</textarea>
 
 
 
 
 
 
 
 
422
  </div>
423
- </div>
424
- <div class="playbook-step p-4 bg-gray-50 rounded-lg">
425
- <div class="flex justify-between items-start mb-2">
426
- <div class="w-full">
427
- <label class="block text-sm font-medium text-gray-700 mb-1">Action</label>
428
- <select class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
429
- <option>Notify</option>
430
- <option selected>EDR Isolate</option>
431
- <option>Create Ticket</option>
432
- <option>Run Script</option>
433
- <option>Block IP</option>
434
- </select>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
435
  </div>
436
- <button class="ml-2 text-red-500 hover:text-red-700 mt-7">
437
- <i class="fas fa-trash"></i>
438
- </button>
439
  </div>
440
- <div class="mb-2">
441
- <label class="block text-sm font-medium text-gray-700 mb-1">Name</label>
442
- <input type="text" class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Step name" value="Isolate Host">
 
 
 
 
443
  </div>
444
- <div>
445
- <label class="block text-sm font-medium text-gray-700 mb-1">Parameters (YAML)</label>
446
- <textarea class="w-full font-mono text-sm border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" rows="4">host_id: '{{ event.host_id }}'
447
- reason: 'Credential dumping detected'</textarea>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
448
  </div>
449
  </div>
450
  </div>
451
  </div>
452
  </div>
453
- <div class="px-6 py-4 border-t border-gray-200 flex justify-end space-x-3">
454
- <button onclick="hideModal('create-playbook-modal')" class="px-4 py-2 border border-gray-300 rounded-lg text-gray-700 hover:bg-gray-50">Cancel</button>
455
- <button class="px-4 py-2 bg-blue-600 rounded-lg text-white hover:bg-blue-700">Create Playbook</button>
456
- </div>
457
- </div>
458
- </div>
459
 
460
- <!-- Trigger Event Modal -->
461
- <div id="trigger-event-modal" class="fixed inset-0 bg-gray-600 bg-opacity-50 flex items-center justify-center hidden z-50">
462
- <div class="bg-white rounded-lg shadow-xl w-full max-w-3xl">
463
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
464
- <h3 class="text-lg font-semibold text-gray-800">Trigger New Event</h3>
465
- <button onclick="hideModal('trigger-event-modal')" class="text-gray-400 hover:text-gray-500">
466
- <i class="fas fa-times"></i>
467
- </button>
468
- </div>
469
- <div class="p-6">
470
- <div class="mb-6">
471
- <label class="block text-sm font-medium text-gray-700 mb-1">Playbook</label>
472
- <select class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
473
- <option>Credential Dumping Response</option>
474
- <option>Ransomware Detection</option>
475
- <option>Phishing Response</option>
476
- <option>Brute Force Protection</option>
477
- </select>
478
- </div>
479
- <div class="mb-6">
480
- <label class="block text-sm font-medium text-gray-700 mb-1">Event Data (JSON)</label>
481
- <div class="json-viewer" id="event-data-preview">{
482
- "event_id": "EVT-2023-06-15-001",
483
- "host": "WIN-SERVER-01",
484
- "host_id": "host_12345",
485
- "source_ip": "192.168.1.100",
486
- "log": {
487
- "source": "Security",
488
- "event_id": 4688,
489
- "message": "sekurlsa::logonpasswords detected",
490
- "timestamp": "2023-06-15T10:30:00Z"
491
- },
492
- "severity": "high"
493
- }</div>
494
- </div>
495
- <div class="flex items-center">
496
- <input type="checkbox" id="use-sample-data" class="h-4 w-4 text-blue-600 focus:ring-blue-500 border-gray-300 rounded">
497
- <label for="use-sample-data" class="ml-2 block text-sm text-gray-700">Use sample event data</label>
498
- </div>
499
- </div>
500
- <div class="px-6 py-4 border-t border-gray-200 flex justify-end space-x-3">
501
- <button onclick="hideModal('trigger-event-modal')" class="px-4 py-2 border border-gray-300 rounded-lg text-gray-700 hover:bg-gray-50">Cancel</button>
502
- <button class="px-4 py-2 bg-blue-600 rounded-lg text-white hover:bg-blue-700">Trigger Event</button>
503
- </div>
504
- </div>
505
- </div>
506
-
507
- <!-- Execution Details Modal -->
508
- <div id="execution-details-modal" class="fixed inset-0 bg-gray-600 bg-opacity-50 flex items-center justify-center hidden z-50">
509
- <div class="bg-white rounded-lg shadow-xl w-full max-w-4xl">
510
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
511
- <h3 class="text-lg font-semibold text-gray-800">Execution Details - #EX-1001</h3>
512
- <button onclick="hideModal('execution-details-modal')" class="text-gray-400 hover:text-gray-500">
513
- <i class="fas fa-times"></i>
514
- </button>
515
- </div>
516
- <div class="p-6">
517
- <div class="grid grid-cols-1 md:grid-cols-2 gap-6 mb-6">
518
- <div>
519
- <h4 class="text-sm font-medium text-gray-500 mb-2">Playbook</h4>
520
- <p class="text-base font-medium text-gray-900">Credential Dumping Response</p>
521
- </div>
522
- <div>
523
- <h4 class="text-sm font-medium text-gray-500 mb-2">Status</h4>
524
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-green-100 text-green-800">Completed</span>
525
- </div>
526
- <div>
527
- <h4 class="text-sm font-medium text-gray-500 mb-2">Trigger Event</h4>
528
- <p class="text-base font-medium text-gray-900">EVT-2023-06-15-001</p>
529
- </div>
530
- <div>
531
- <h4 class="text-sm font-medium text-gray-500 mb-2">Duration</h4>
532
- <p class="text-base font-medium text-gray-900">4.2 seconds</p>
533
- </div>
534
- <div>
535
- <h4 class="text-sm font-medium text-gray-500 mb-2">Started At</h4>
536
- <p class="text-base font-medium text-gray-900">2023-06-15 10:30:05 UTC</p>
537
- </div>
538
- <div>
539
- <h4 class="text-sm font-medium text-gray-500 mb-2">Completed At</h4>
540
- <p class="text-base font-medium text-gray-900">2023-06-15 10:30:09 UTC</p>
541
  </div>
542
- </div>
543
- <div class="mb-6">
544
- <h4 class="text-sm font-medium text-gray-500 mb-2">Trigger Event Data</h4>
545
- <div class="json-viewer">{
546
- "event_id": "EVT-2023-06-15-001",
547
- "host": "WIN-SERVER-01",
548
- "host_id": "host_12345",
549
- "source_ip": "192.168.1.100",
550
- "log": {
551
- "source": "Security",
552
- "event_id": 4688,
553
- "message": "sekurlsa::logonpasswords detected",
554
- "timestamp": "2023-06-15T10:30:00Z"
555
- },
556
- "severity": "high"
557
- }</div>
558
- </div>
559
- <div class="mb-6">
560
- <h4 class="text-sm font-medium text-gray-500 mb-2">Execution Steps</h4>
561
- <div class="space-y-3">
562
- <div class="p-3 bg-green-50 rounded-lg border border-green-100">
563
- <div class="flex items-center justify-between mb-1">
564
- <div class="font-medium text-green-800">1. Alert Analyst</div>
565
- <div class="text-xs text-green-600">Success (1.2s)</div>
566
  </div>
567
- <div class="text-sm text-green-700">Notified SOC team via Teams channel</div>
568
- </div>
569
- <div class="p-3 bg-green-50 rounded-lg border border-green-100">
570
- <div class="flex items-center justify-between mb-1">
571
- <div class="font-medium text-green-800">2. Isolate Host</div>
572
- <div class="text-xs text-green-600">Success (2.1s)</div>
 
 
 
573
  </div>
574
- <div class="text-sm text-green-700">Isolated host WIN-SERVER-01 via EDR</div>
575
- </div>
576
- <div class="p-3 bg-green-50 rounded-lg border border-green-100">
577
- <div class="flex items-center justify-between mb-1">
578
- <div class="font-medium text-green-800">3. Create Ticket</div>
579
- <div class="text-xs text-green-600">Success (0.9s)</div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
580
  </div>
581
- <div class="text-sm text-green-700">Created ticket #INC-12345 in ServiceNow</div>
582
  </div>
583
- </div>
584
- </div>
585
- </div>
586
- <div class="px-6 py-4 border-t border-gray-200 flex justify-end">
587
- <button onclick="hideModal('execution-details-modal')" class="px-4 py-2 bg-blue-600 rounded-lg text-white hover:bg-blue-700">Close</button>
588
- </div>
589
- </div>
590
- </div>
591
-
592
- <!-- Event Details Modal -->
593
- <div id="event-details-modal" class="fixed inset-0 bg-gray-600 bg-opacity-50 flex items-center justify-center hidden z-50">
594
- <div class="bg-white rounded-lg shadow-xl w-full max-w-4xl">
595
- <div class="px-6 py-4 border-b border-gray-200 flex justify-between items-center">
596
- <h3 class="text-lg font-semibold text-gray-800">Event Details - EVT-2023-06-15-001</h3>
597
- <button onclick="hideModal('event-details-modal')" class="text-gray-400 hover:text-gray-500">
598
- <i class="fas fa-times"></i>
599
- </button>
600
- </div>
601
- <div class="p-6">
602
- <div class="grid grid-cols-1 md:grid-cols-2 gap-6 mb-6">
603
- <div>
604
- <h4 class="text-sm font-medium text-gray-500 mb-2">Event ID</h4>
605
- <p class="text-base font-medium text-gray-900">EVT-2023-06-15-001</p>
606
- </div>
607
- <div>
608
- <h4 class="text-sm font-medium text-gray-500 mb-2">Severity</h4>
609
- <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-red-100 text-red-800">High</span>
610
- </div>
611
- <div>
612
- <h4 class="text-sm font-medium text-gray-500 mb-2">Host</h4>
613
- <p class="text-base font-medium text-gray-900">WIN-SERVER-01 (host_12345)</p>
614
- </div>
615
- <div>
616
- <h4 class="text-sm font-medium text-gray-500 mb-2">Source IP</h4>
617
- <p class="text-base font-medium text-gray-900">192.168.1.100</p>
618
- </div>
619
- <div>
620
- <h4 class="text-sm font-medium text-gray-500 mb-2">Timestamp</h4>
621
- <p class="text-base font-medium text-gray-900">2023-06-15 10:30:00 UTC</p>
622
- </div>
623
- <div>
624
- <h4 class="text-sm font-medium text-gray-500 mb-2">Related Executions</h4>
625
- <p class="text-base font-medium text-gray-900">1 execution</p>
626
- </div>
627
- </div>
628
- <div class="mb-6">
629
- <h4 class="text-sm font-medium text-gray-500 mb-2">Event Data</h4>
630
- <div class="json-viewer">{
631
- "event_id": "EVT-2023-06-15-001",
632
- "host": "WIN-SERVER-01",
633
- "host_id": "host_12345",
634
- "source_ip": "192.168.1.100",
635
- "log": {
636
- "source": "Security",
637
- "event_id": 4688,
638
- "message": "sekurlsa::logonpasswords detected",
639
- "timestamp": "2023-06-15T10:30:00Z"
640
- },
641
- "severity": "high"
642
- }</div>
643
- </div>
644
- <div class="mb-6">
645
- <h4 class="text-sm font-medium text-gray-500 mb-2">Triggered Playbooks</h4>
646
- <div class="space-y-3">
647
- <div class="p-3 bg-blue-50 rounded-lg border border-blue-100">
648
- <div class="flex items-center justify-between">
649
- <div>
650
- <div class="font-medium text-blue-800">Credential Dumping Response</div>
651
- <div class="text-sm text-blue-700">Automated response to credential dumping activity</div>
652
- </div>
653
- <button class="px-3 py-1 bg-blue-600 rounded-lg text-white text-sm hover:bg-blue-700">View Execution</button>
654
  </div>
655
- </div>
656
- </div>
657
- </div>
658
- </div>
659
- <div class="px-6 py-4 border-t border-gray-200 flex justify-end space-x-3">
660
- <button onclick="hideModal('event-details-modal')" class="px-4 py-2 border border-gray-300 rounded-lg text-gray-700 hover:bg-gray-50">Close</button>
661
- <button class="px-4 py-2 bg-blue-600 rounded-lg text-white hover:bg-blue-700">Create Playbook</button>
662
- </div>
663
- </div>
664
- </div>
665
-
666
- <script>
667
- // Toggle sidebar
668
- function toggleSidebar() {
669
- const sidebar = document.getElementById('sidebar');
670
- const mainContent = document.getElementById('main-content');
671
-
672
- sidebar.classList.toggle('collapsed');
673
- mainContent.classList.toggle('expanded');
674
-
675
- // Change the chevron icon direction
676
- const toggleBtn = sidebar.querySelector('button');
677
- const icon = toggleBtn.querySelector('i');
678
-
679
- if (sidebar.classList.contains('collapsed')) {
680
- icon.classList.remove('fa-chevron-left');
681
- icon.classList.add('fa-chevron-right');
682
- } else {
683
- icon.classList.remove('fa-chevron-right');
684
- icon.classList.add('fa-chevron-left');
685
- }
686
- }
687
-
688
- // Modal functions
689
- function showCreatePlaybookModal() {
690
- document.getElementById('create-playbook-modal').classList.remove('hidden');
691
- }
692
-
693
- function showTriggerEventModal() {
694
- document.getElementById('trigger-event-modal').classList.remove('hidden');
695
- }
696
-
697
- function showExecutionDetails(id) {
698
- // In a real app, we would fetch the execution details based on the ID
699
- document.getElementById('execution-details-modal').classList.remove('hidden');
700
- }
701
-
702
- function showEventDetails(id) {
703
- // In a real app, we would fetch the event details based on the ID
704
- document.getElementById('event-details-modal').classList.remove('hidden');
705
- }
706
-
707
- function hideModal(modalId) {
708
- document.getElementById(modalId).classList.add('hidden');
709
- }
710
-
711
- // Add playbook step
712
- function addPlaybookStep() {
713
- const stepsContainer = document.getElementById('playbook-steps');
714
-
715
- const stepDiv = document.createElement('div');
716
- stepDiv.className = 'playbook-step p-4 bg-gray-50 rounded-lg';
717
- stepDiv.innerHTML = `
718
- <div class="flex justify-between items-start mb-2">
719
- <div class="w-full">
720
- <label class="block text-sm font-medium text-gray-700 mb-1">Action</label>
721
- <select class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
722
- <option>Notify</option>
723
- <option>EDR Isolate</option>
724
- <option>Create Ticket</option>
725
- <option>Run Script</option>
726
- <option>Block IP</option>
727
- </select>
728
- </div>
729
- <button onclick="this.parentNode.parentNode.parentNode.remove()" class="ml-2 text-red-500 hover:text-red-700 mt-7">
730
- <i class="fas fa-trash"></i>
731
- </button>
732
- </div>
733
- <div class="mb-2">
734
- <label class="block text-sm font-medium text-gray-700 mb-1">Name</label>
735
- <input type="text" class="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Step name">
736
- </div>
737
- <div>
738
- <label class="block text-sm font-medium text-gray-700 mb-1">Parameters (YAML)</label>
739
- <textarea class="w-full font-mono text-sm border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" rows="4" placeholder="key: value"></textarea>
740
- </div>
741
- `;
742
-
743
- stepsContainer.appendChild(stepDiv);
744
- }
745
-
746
- // Close modals when clicking outside
747
- window.addEventListener('click', function(event) {
748
- if (event.target.classList.contains('fixed')) {
749
- event.target.classList.add('hidden');
750
- }
751
- });
752
- </script>
753
- <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=S-Dreamer/playbook-execution" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
754
  </html>
 
3
  <head>
4
  <meta charset="UTF-8">
5
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>SOAR Engine Interactive Dashboard</title>
7
  <script src="https://cdn.tailwindcss.com"></script>
8
+ <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
9
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
10
+ <link rel="preconnect" href="https://fonts.googleapis.com">
11
+ <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
12
+ <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
13
  <style>
14
+ body { font-family: 'Inter', sans-serif; }
15
+ .tab-active {
16
+ border-bottom-color: #3b82f6;
17
+ color: #3b82f6;
18
+ font-weight: 600;
19
  }
20
+ .chart-container {
21
+ position: relative;
22
+ width: 100%;
23
+ height: 300px;
24
  }
25
+ .code-block {
26
+ background-color: #1f2937;
27
+ color: #d1d5db;
28
+ border-radius: 0.375rem;
29
  }
30
+ .arrow {
31
+ position: relative;
32
+ width: 2px;
33
+ background-color: #6b7280;
34
+ margin: 1rem auto;
35
+ height: 40px;
36
  }
37
+ .arrow::after {
38
+ content: '';
39
+ position: absolute;
40
+ bottom: -1px;
41
+ left: 50%;
42
+ transform: translateX(-50%);
43
+ width: 0;
44
+ height: 0;
45
+ border-left: 6px solid transparent;
46
+ border-right: 6px solid transparent;
47
+ border-top: 8px solid #6b7280;
48
  }
49
+ .step-interactive {
50
+ transition: all 0.2s ease-in-out;
51
+ cursor: pointer;
52
  }
53
+ .step-interactive:hover {
54
+ transform: translateY(-2px);
55
+ box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
56
  }
57
+ .step-selected {
58
+ border-color: #3b82f6 !important;
59
+ box-shadow: 0 0 0 3px rgba(59, 130, 246, 0.2);
60
+ transform: translateY(-2px);
61
  }
62
+ .tech-card {
63
+ transition: all 0.2s ease;
64
  }
65
+ .tech-card:hover {
66
+ transform: translateY(-4px);
67
+ box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1);
68
  }
69
+ .model-card {
70
+ transition: all 0.2s ease;
71
  }
72
+ .model-card:hover {
73
+ transform: translateY(-2px);
74
+ box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
75
  }
76
+ .copy-btn {
77
+ transition: all 0.2s ease;
78
  }
79
+ .copy-btn:hover {
80
+ background-color: #4b5563;
81
+ }
82
+ .copy-btn.copied {
83
+ background-color: #10b981;
84
+ }
85
+ .details-pane {
86
+ min-height: 400px;
87
+ }
88
+ @media (max-width: 1023px) {
89
+ .workflow-container {
90
+ flex-direction: column;
91
+ }
92
+ .workflow-steps {
93
+ width: 100%;
94
+ margin-bottom: 2rem;
95
+ }
96
+ .details-pane {
97
+ width: 100%;
98
+ }
99
  }
100
  </style>
101
  </head>
102
+ <body class="bg-gray-50 text-gray-800">
103
+ <div class="container mx-auto p-4 md:p-8 max-w-7xl">
104
+ <header class="text-center mb-8">
105
+ <h1 class="text-3xl md:text-4xl font-bold text-gray-900">SOAR Engine Dashboard</h1>
106
+ <p class="mt-2 text-lg text-gray-600">Interactive Security Orchestration, Automation & Response Platform</p>
107
+ <div class="mt-4 flex justify-center space-x-2">
108
+ <span class="px-3 py-1 bg-blue-100 text-blue-800 rounded-full text-sm font-medium">Real-time</span>
109
+ <span class="px-3 py-1 bg-green-100 text-green-800 rounded-full text-sm font-medium">Automated</span>
110
+ <span class="px-3 py-1 bg-purple-100 text-purple-800 rounded-full text-sm font-medium">Scalable</span>
111
  </div>
112
+ </header>
113
+
114
+ <nav class="flex overflow-x-auto pb-2 mb-8 scrollbar-hide">
115
+ <div class="flex space-x-1 border-b border-gray-300 mx-auto">
116
+ <button data-tab="overview" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 tab-active whitespace-nowrap">
117
+ <i class="fas fa-home mr-2"></i>Overview
118
+ </button>
119
+ <button data-tab="models" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
120
+ <i class="fas fa-database mr-2"></i>Data Models
121
+ </button>
122
+ <button data-tab="workflow" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
123
+ <i class="fas fa-project-diagram mr-2"></i>Workflow
124
+ </button>
125
+ <button data-tab="api" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
126
+ <i class="fas fa-code mr-2"></i>API Endpoints
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
127
  </button>
128
  </div>
129
+ </nav>
130
 
131
+ <main>
132
+ <div id="overview" class="tab-content">
133
+ <div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
134
+ <div class="flex items-center justify-between mb-6">
135
+ <h2 class="text-2xl font-bold text-gray-800">System Overview</h2>
136
+ <div class="flex items-center space-x-2">
137
+ <span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">v2.4.1</span>
138
+ <span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Active</span>
 
 
 
 
 
 
 
139
  </div>
 
 
 
 
140
  </div>
141
+
142
+ <p class="text-gray-600 mb-8">The SOAR Engine automates security response workflows by processing trigger events and executing predefined playbooks. Built on a modern tech stack, it provides reliable, scalable security automation with minimal human intervention.</p>
143
+
144
+ <div class="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
145
+ <div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-blue-200">
146
+ <div class="flex items-center mb-3">
147
+ <div class="w-10 h-10 bg-blue-100 rounded-full flex items-center justify-center mr-3">
148
+ <i class="fas fa-bolt text-blue-600"></i>
149
+ </div>
150
+ <h3 class="text-lg font-semibold text-gray-700">FastAPI</h3>
 
 
 
 
 
151
  </div>
152
+ <p class="text-gray-600">High-performance API layer for event ingestion and playbook management with automatic OpenAPI documentation.</p>
153
  </div>
154
+ <div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-green-200">
155
+ <div class="flex items-center mb-3">
156
+ <div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center mr-3">
157
+ <i class="fas fa-database text-green-600"></i>
158
+ </div>
159
+ <h3 class="text-lg font-semibold text-gray-700">SQLAlchemy</h3>
 
 
 
160
  </div>
161
+ <p class="text-gray-600">ORM for database schema management, supporting PostgreSQL, MySQL, and SQLite with advanced query capabilities.</p>
162
  </div>
163
+ <div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-purple-200">
164
+ <div class="flex items-center mb-3">
165
+ <div class="w-10 h-10 bg-purple-100 rounded-full flex items-center justify-center mr-3">
166
+ <i class="fas fa-file-code text-purple-600"></i>
167
+ </div>
168
+ <h3 class="text-lg font-semibold text-gray-700">Jinja2</h3>
 
 
 
169
  </div>
170
+ <p class="text-gray-600">Templating engine for dynamic playbook execution, enabling context-aware automation with event data.</p>
171
  </div>
172
  </div>
173
+
174
+ <div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
175
+ <h3 class="text-xl font-bold text-gray-800 mb-4 text-center">Playbook Analytics</h3>
176
+ <p class="text-gray-600 mb-6 text-center">Quantitative breakdown of playbook components showing the structure of automated workflows.</p>
177
+
178
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-8 items-center">
179
+ <div class="chart-container">
180
+ <canvas id="playbookChart"></canvas>
181
  </div>
182
+ <div>
183
+ <div class="space-y-4">
184
+ <div class="flex items-center">
185
+ <div class="w-4 h-4 bg-yellow-400 rounded-full mr-3"></div>
186
+ <div>
187
+ <h4 class="font-medium text-gray-700">Triggers</h4>
188
+ <p class="text-sm text-gray-500">Events that initiate playbook execution</p>
189
+ </div>
190
+ </div>
191
+ <div class="flex items-center">
192
+ <div class="w-4 h-4 bg-gray-300 rounded-full mr-3"></div>
193
+ <div>
194
+ <h4 class="font-medium text-gray-700">Conditions</h4>
195
+ <p class="text-sm text-gray-500">Logic gates for workflow branching</p>
196
+ </div>
197
+ </div>
198
+ <div class="flex items-center">
199
+ <div class="w-4 h-4 bg-indigo-500 rounded-full mr-3"></div>
200
+ <div>
201
+ <h4 class="font-medium text-gray-700">Action Steps</h4>
202
+ <p class="text-sm text-gray-500">Individual automated tasks</p>
203
+ </div>
204
+ </div>
205
+ </div>
206
  </div>
207
  </div>
208
  </div>
209
  </div>
210
+ </div>
211
 
212
+ <div id="models" class="tab-content hidden">
213
+ <div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
214
+ <div class="flex items-center justify-between mb-6">
215
+ <h2 class="text-2xl font-bold text-gray-800">Database Schema</h2>
216
+ <div class="flex items-center space-x-2">
217
+ <span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">Normalized</span>
218
+ <span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Relational</span>
219
+ </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
220
  </div>
221
+
222
+ <p class="text-gray-600 mb-8 text-center">The database schema is designed for efficient storage and retrieval of security events, playbooks, and execution logs with clear relationships between entities.</p>
223
+
224
+ <div class="grid grid-cols-1 lg:grid-cols-3 gap-6 mb-8">
225
+ <div class="model-card border border-blue-200 rounded-lg p-6 bg-blue-50/50">
226
+ <div class="flex items-center mb-3">
227
+ <div class="w-10 h-10 bg-blue-100 rounded-full flex items-center justify-center mr-3">
228
+ <i class="fas fa-bell text-blue-600"></i>
229
  </div>
230
+ <h3 class="text-xl font-semibold text-blue-700">TriggerEvent</h3>
231
+ </div>
232
+ <p class="text-sm text-blue-600 mb-4">Incoming security alerts that initiate automated responses</p>
233
+ <div class="space-y-2 text-gray-700">
234
+ <div class="flex items-start">
235
+ <div class="bg-blue-100 text-blue-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
236
+ <div><strong>id:</strong> <span class="text-gray-600">Integer</span></div>
237
  </div>
238
+ <div><strong>event_id:</strong> <span class="text-gray-600">String</span></div>
239
+ <div><strong>host:</strong> <span class="text-gray-600">String</span></div>
240
+ <div><strong>host_id:</strong> <span class="text-gray-600">String</span></div>
241
+ <div><strong>source_ip:</strong> <span class="text-gray-600">String</span></div>
242
+ <div><strong>log:</strong> <span class="text-gray-600">JSON</span></div>
243
+ <div><strong>severity:</strong> <span class="text-gray-600">String</span></div>
244
+ <div><strong>timestamp:</strong> <span class="text-gray-600">DateTime</span></div>
245
  </div>
246
  </div>
247
+
248
+ <div class="model-card border border-green-200 rounded-lg p-6 bg-green-50/50">
249
+ <div class="flex items-center mb-3">
250
+ <div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center mr-3">
251
+ <i class="fas fa-book text-green-600"></i>
252
  </div>
253
+ <h3 class="text-xl font-semibold text-green-700">Playbook</h3>
254
+ </div>
255
+ <p class="text-sm text-green-600 mb-4">Automated response workflows with conditional logic</p>
256
+ <div class="space-y-2 text-gray-700">
257
+ <div class="flex items-start">
258
+ <div class="bg-green-100 text-green-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
259
+ <div><strong>id:</strong> <span class="text-gray-600">String</span></div>
260
  </div>
261
+ <div><strong>name:</strong> <span class="text-gray-600">String</span></div>
262
+ <div><strong>description:</strong> <span class="text-gray-600">Text</span></div>
263
+ <div><strong>tags:</strong> <span class="text-gray-600">JSON</span></div>
264
+ <div><strong>trigger_type:</strong> <span class="text-gray-600">String</span></div>
265
+ <div><strong>trigger_condition:</strong> <span class="text-gray-600">Text</span></div>
266
+ <div><strong>steps:</strong> <span class="text-gray-600">JSON</span></div>
267
  </div>
268
  </div>
269
+
270
+ <div class="model-card border border-purple-200 rounded-lg p-6 bg-purple-50/50">
271
+ <div class="flex items-center mb-3">
272
+ <div class="w-10 h-10 bg-purple-100 rounded-full flex items-center justify-center mr-3">
273
+ <i class="fas fa-history text-purple-600"></i>
274
  </div>
275
+ <h3 class="text-xl font-semibold text-purple-700">PlaybookExecution</h3>
276
+ </div>
277
+ <p class="text-sm text-purple-600 mb-4">Audit log of playbook runs with status and timing</p>
278
+ <div class="space-y-2 text-gray-700">
279
+ <div class="flex items-start">
280
+ <div class="bg-purple-100 text-purple-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
281
+ <div><strong>id:</strong> <span class="text-gray-600">Integer</span></div>
282
+ </div>
283
+ <div class="flex items-start">
284
+ <div class="bg-blue-100 text-blue-800 px-2 py-1 rounded text-xs font-mono mr-2">FK</div>
285
+ <div><strong>playbook_id:</strong> <span class="text-gray-600">String → Playbook</span></div>
286
  </div>
287
+ <div class="flex items-start">
288
+ <div class="bg-green-100 text-green-800 px-2 py-1 rounded text-xs font-mono mr-2">FK</div>
289
+ <div><strong>trigger_event_id:</strong> <span class="text-gray-600">Integer → TriggerEvent</span></div>
290
+ </div>
291
+ <div><strong>status:</strong> <span class="text-gray-600">String</span></div>
292
+ <div><strong>started_at:</strong> <span class="text-gray-600">DateTime</span></div>
293
+ <div><strong>completed_at:</strong> <span class="text-gray-600">DateTime</span></div>
294
  </div>
295
  </div>
296
+ </div>
297
+
298
+ <div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
299
+ <h3 class="text-xl font-bold text-gray-800 mb-4 text-center">Entity Relationships</h3>
300
+ <div class="flex flex-col items-center">
301
+ <div class="w-full max-w-md">
302
+ <div class="flex justify-between items-center mb-4">
303
+ <div class="text-center">
304
+ <div class="w-16 h-16 bg-blue-100 rounded-full flex items-center justify-center mx-auto mb-2">
305
+ <i class="fas fa-bell text-blue-600 text-xl"></i>
306
+ </div>
307
+ <span class="text-sm font-medium text-blue-700">TriggerEvent</span>
308
+ </div>
309
+ <div class="text-center">
310
+ <div class="w-16 h-16 bg-green-100 rounded-full flex items-center justify-center mx-auto mb-2">
311
+ <i class="fas fa-book text-green-600 text-xl"></i>
312
+ </div>
313
+ <span class="text-sm font-medium text-green-700">Playbook</span>
314
+ </div>
315
+ <div class="text-center">
316
+ <div class="w-16 h-16 bg-purple-100 rounded-full flex items-center justify-center mx-auto mb-2">
317
+ <i class="fas fa-history text-purple-600 text-xl"></i>
318
+ </div>
319
+ <span class="text-sm font-medium text-purple-700">Execution</span>
320
+ </div>
321
  </div>
322
+ <div class="relative h-2 bg-gray-200 rounded-full overflow-hidden">
323
+ <div class="absolute inset-0 flex">
324
+ <div class="h-full bg-blue-200" style="width: 33%"></div>
325
+ <div class="h-full bg-green-200" style="width: 34%"></div>
326
+ <div class="h-full bg-purple-200" style="width: 33%"></div>
327
  </div>
328
+ </div>
329
+ <div class="mt-4 text-center text-sm text-gray-600">
330
+ One-to-many relationships between entities with foreign key constraints
331
  </div>
332
  </div>
333
  </div>
334
  </div>
335
  </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
336
  </div>
337
+
338
+ <div id="workflow" class="tab-content hidden">
339
+ <div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
340
+ <div class="flex items-center justify-between mb-6">
341
+ <h2 class="text-2xl font-bold text-gray-800">Playbook Execution Flow</h2>
342
+ <div class="flex items-center space-x-2">
343
+ <span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">Interactive</span>
344
+ <span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Dynamic</span>
345
+ </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
346
  </div>
347
+
348
+ <p class="text-gray-600 mb-8 text-center">Explore how security events trigger automated responses through our visual workflow. Click on any step to see how event data transforms into actionable parameters.</p>
349
+
350
+ <div class="workflow-container flex flex-col lg:flex-row gap-6">
351
+ <div class="workflow-steps lg:w-2/5">
352
+ <div id="trigger-event-box" class="step-interactive border-2 border-dashed border-yellow-400 bg-yellow-50 rounded-lg p-4 mb-4">
353
+ <div class="flex items-center">
354
+ <div class="w-8 h-8 bg-yellow-100 rounded-full flex items-center justify-center mr-3">
355
+ <span class="text-yellow-600 font-bold">1</span>
356
+ </div>
357
+ <div>
358
+ <h4 class="font-bold text-yellow-800">Trigger Event</h4>
359
+ <p class="text-sm text-yellow-700">Credential Dumping Detected</p>
360
+ </div>
361
  </div>
 
 
 
 
 
 
 
362
  </div>
363
+
364
+ <div class="arrow"></div>
365
+
366
+ <div id="condition-check-box" class="step-interactive border-2 border-gray-300 bg-gray-100 rounded-lg p-4 mb-4">
367
+ <div class="flex items-center">
368
+ <div class="w-8 h-8 bg-gray-200 rounded-full flex items-center justify-center mr-3">
369
+ <span class="text-gray-600 font-bold">2</span>
370
+ </div>
371
+ <div>
372
+ <h4 class="font-bold text-gray-800">Condition Check</h4>
373
+ <p class="text-sm text-gray-600">Security event validation</p>
374
+ </div>
375
+ </div>
376
  </div>
377
+
378
+ <div class="arrow"></div>
379
+
380
+ <div class="bg-white p-4 rounded-lg border border-gray-200">
381
+ <h4 class="font-bold text-gray-700 mb-3">Automated Actions</h4>
382
+
383
+ <div id="action-step-1" class="step-interactive border-2 border-transparent bg-blue-100 rounded-lg p-4 mb-3">
384
+ <div class="flex items-center">
385
+ <div class="w-8 h-8 bg-blue-200 rounded-full flex items-center justify-center mr-3">
386
+ <span class="text-blue-700 font-bold">A</span>
387
+ </div>
388
+ <div>
389
+ <h4 class="font-bold text-blue-800">Notify Analyst</h4>
390
+ <p class="text-sm text-blue-700">SOC team alert</p>
391
+ </div>
392
+ </div>
393
+ </div>
394
+
395
+ <div id="action-step-2" class="step-interactive border-2 border-transparent bg-red-100 rounded-lg p-4 mb-3">
396
+ <div class="flex items-center">
397
+ <div class="w-8 h-8 bg-red-200 rounded-full flex items-center justify-center mr-3">
398
+ <span class="text-red-700 font-bold">B</span>
399
+ </div>
400
+ <div>
401
+ <h4 class="font-bold text-red-800">Isolate Host</h4>
402
+ <p class="text-sm text-red-700">Contain threat</p>
403
+ </div>
404
+ </div>
405
+ </div>
406
+
407
+ <div id="action-step-3" class="step-interactive border-2 border-transparent bg-purple-100 rounded-lg p-4">
408
+ <div class="flex items-center">
409
+ <div class="w-8 h-8 bg-purple-200 rounded-full flex items-center justify-center mr-3">
410
+ <span class="text-purple-700 font-bold">C</span>
411
+ </div>
412
+ <div>
413
+ <h4 class="font-bold text-purple-800">Create Ticket</h4>
414
+ <p class="text-sm text-purple-700">Incident tracking</p>
415
+ </div>
416
+ </div>
417
  </div>
 
 
 
418
  </div>
419
+ </div>
420
+
421
+ <div class="details-pane lg:w-3/5 bg-gray-800 rounded-lg p-6">
422
+ <div id="details-initial" class="text-gray-400 text-center flex flex-col justify-center h-full">
423
+ <i class="fas fa-mouse-pointer text-4xl mb-4 opacity-50"></i>
424
+ <p class="text-lg font-medium">Select a step from the workflow</p>
425
+ <p class="text-sm mt-2 opacity-70">to see detailed parameter transformation</p>
426
  </div>
427
+
428
+ <div id="details-content" class="hidden">
429
+ <div class="flex items-center justify-between mb-4">
430
+ <h3 id="details-title" class="text-xl font-bold text-white"></h3>
431
+ <div id="step-badge" class="px-2 py-1 rounded-full text-xs font-medium"></div>
432
+ </div>
433
+
434
+ <div class="mb-6">
435
+ <h4 class="text-md font-semibold text-gray-300 mb-2 flex items-center">
436
+ <i class="fas fa-file-alt mr-2"></i>Original Parameters
437
+ </h4>
438
+ <div class="relative">
439
+ <pre id="details-params" class="code-block p-4 rounded-md text-sm overflow-x-auto"></pre>
440
+ <button onclick="copyDetails('details-params')" class="copy-btn absolute top-2 right-2 bg-gray-600 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
441
+ <i class="fas fa-copy mr-1"></i> Copy
442
+ </button>
443
+ </div>
444
+ </div>
445
+
446
+ <div>
447
+ <h4 class="text-md font-semibold text-gray-300 mb-2 flex items-center">
448
+ <i class="fas fa-magic mr-2"></i>Rendered Parameters
449
+ </h4>
450
+ <div class="relative">
451
+ <pre id="details-rendered" class="code-block bg-green-900/50 border border-green-500 p-4 rounded-md text-sm overflow-x-auto"></pre>
452
+ <button onclick="copyDetails('details-rendered')" class="copy-btn absolute top-2 right-2 bg-gray-600 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
453
+ <i class="fas fa-copy mr-1"></i> Copy
454
+ </button>
455
+ </div>
456
+ </div>
457
  </div>
458
  </div>
459
  </div>
460
  </div>
461
  </div>
 
 
 
 
 
 
462
 
463
+ <div id="api" class="tab-content hidden">
464
+ <div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
465
+ <div class="flex items-center justify-between mb-6">
466
+ <h2 class="text-2xl font-bold text-gray-800">API Endpoints</h2>
467
+ <div class="flex items-center space-x-2">
468
+ <span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">RESTful</span>
469
+ <span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">OpenAPI</span>
470
+ </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
471
  </div>
472
+
473
+ <p class="text-gray-600 mb-8 text-center">The SOAR Engine exposes a clean REST API for integration with security tools and custom applications. All endpoints support JSON payloads and include comprehensive documentation.</p>
474
+
475
+ <div class="space-y-8">
476
+ <div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
477
+ <div class="flex items-center mb-4">
478
+ <div class="bg-blue-100 text-blue-800 px-3 py-1 rounded-md text-sm font-mono mr-4">POST</div>
479
+ <h3 class="text-xl font-semibold">/load_playbook/</h3>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
480
  </div>
481
+
482
+ <p class="text-gray-600 mb-4">Registers a new playbook or updates an existing one. The YAML definition includes triggers, conditions, and action steps for automated security responses.</p>
483
+
484
+ <div class="mb-4">
485
+ <h4 class="text-md font-semibold text-gray-700 mb-2">Request Headers:</h4>
486
+ <div class="bg-gray-100 p-3 rounded-md font-mono text-sm">
487
+ Content-Type: application/yaml<br>
488
+ X-API-Key: your_api_key_here
489
+ </div>
490
  </div>
491
+
492
+ <h4 class="text-md font-semibold text-gray-700 mb-2">Example Request:</h4>
493
+ <div class="relative">
494
+ <pre id="api-load-body" class="code-block p-4 rounded-md text-sm overflow-x-auto">id: credential-dumping-response
495
+ name: Credential Dumping Response
496
+ description: Automated response to Mimikatz activity
497
+ tags:
498
+ - credential-access
499
+ - t1003
500
+ - windows
501
+ trigger_type: log_event
502
+ trigger_condition: |
503
+ event.log.source == 'Security' and
504
+ 'sekurlsa::logonpasswords' in event.log.message
505
+ steps:
506
+ - name: Alert Analyst
507
+ action: notify
508
+ params:
509
+ channel: soc_teams
510
+ message: "Credential dumping detected on {{ event.host }}"
511
+
512
+ - name: Isolate Host
513
+ action: edr_isolate
514
+ params:
515
+ host_id: "{{ event.host_id }}"
516
+ reason: "Credential dumping detected"
517
+
518
+ - name: Create Ticket
519
+ action: create_ticket
520
+ params:
521
+ summary: "Security Incident - {{ event.host }}"
522
+ severity: "{{ event.severity | default('high') }}"</pre>
523
+ <button onclick="copyToClipboard('api-load-body')" class="copy-btn absolute top-2 right-2 bg-gray-600 hover:bg-gray-500 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
524
+ <i class="fas fa-copy mr-1"></i> Copy
525
+ </button>
526
  </div>
 
527
  </div>
528
+
529
+ <div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
530
+ <div class="flex items-center mb-4">
531
+ <div class="bg-green-100 text-green-800 px-3 py-1 rounded-md text-sm font-mono mr-4">POST</div>
532
+ <h3 class="text-xl font-semibold">/trigger_event/</h3>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
533
  </div>
534
+
535
+ <p class="text-gray-600 mb-4">Submits a security event that will trigger matching playbooks. The event data is used to populate template variables in playbook actions.</p>
536
+
537
+ <div class="mb-4">
538
+ <h4 class="text-md font-sem
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
539
  </html>
prompts.txt CHANGED
@@ -0,0 +1 @@
 
 
1
+ <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>SOAR Engine Interactive Dashboard</title> <script src="https://cdn.tailwindcss.com"></script> <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet"> <!-- Visualization & Content Choices: - Report Info: Overall project structure. Goal: Inform. Viz/Method: A main header and tabbed navigation. Interaction: Clicking tabs switches views. Justification: Provides a clear, high-level map of the application for easy navigation. Library/Method: HTML/Tailwind/JS. - Report Info: `models.py` (Database schema). Goal: Organize/Inform. Viz/Method: Visual diagrams built with structured HTML/Tailwind. Interaction: Hover effects to provide more details (not implemented to keep complexity down, but planned). Justification: A visual diagram is far more intuitive for understanding database relationships than reading raw class definitions. Library/Method: HTML/Tailwind. - Report Info: `soar_engine.py` workflow & `test_soar_engine.py` sample playbook. Goal: Explain Change/Relationships. Viz/Method: An interactive HTML flowchart. Interaction: Clicking on a step in the visual flow dynamically updates a "Details" panel, showing the Jinja2 template rendering with sample data. Justification: This is the core 'aha!' moment for the user, making the abstract concept of automated template rendering tangible and easy to grasp. Library/Method: HTML/Tailwind/JS. - Report Info: Playbook composition. Goal: Compare/Inform. Viz/Method: Bar chart showing a quantitative breakdown of the playbook (e.g., number of triggers, conditions, steps). Justification: Offers a quick, scannable summary of the playbook's complexity. Library/Method: Chart.js. - Report Info: `main.py` (API endpoints). Goal: Inform. Viz/Method: Clean, styled code blocks. Interaction: Copy-to-clipboard buttons. Justification: Provides developers with immediately usable information in a familiar format. Library/Method: HTML/Tailwind/JS. - CONFIRMATION: NO SVG graphics used. NO Mermaid JS used. --> <style> body { font-family: 'Inter', sans-serif; } .tab-active { border-bottom-color: #3b82f6; color: #3b82f6; } .chart-container { position: relative; width: 100%; max-width: 500px; margin-left: auto; margin-right: auto; height: 300px; max-height: 350px; } .code-block { background-color: #1f2937; color: #d1d5db; } .arrow { position: relative; width: 2px; background-color: #6b7280; margin: 1rem auto; } .arrow::after { content: ''; position: absolute; bottom: -1px; left: 50%; transform: translateX(-50%); width: 0; height: 0; border-left: 6px solid transparent; border-right: 6px solid transparent; border-top: 8px solid #6b7280; } .step-interactive { transition: all 0.2s ease-in-out; } .step-interactive:hover { transform: translateY(-4px); box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05); } .step-selected { border-color: #3b82f6; box-shadow: 0 0 0 3px rgba(59, 130, 246, 0.4); } </style> </head> <body class="bg-gray-50 text-gray-800"> <div class="container mx-auto p-4 md:p-8"> <header class="text-center mb-8"> <h1 class="text-4xl font-bold text-gray-900">SOAR Engine Architecture</h1> <p class="mt-2 text-lg text-gray-600">An interactive guide to the Security Orchestration, Automation, and Response platform.</p> </header> <nav class="flex justify-center border-b border-gray-300 mb-8"> <button data-tab="overview" class="tab-button py-4 px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 tab-active">Overview</button> <button data-tab="models" class="tab-button py-4 px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500">Data Models</button> <button data-tab="workflow" class="tab-button py-4 px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500">Interactive Workflow</button> <button data-tab="api" class="tab-button py-4 px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500">API Endpoints</button> </nav> <main> <div id="overview" class="tab-content"> <div class="bg-white p-8 rounded-xl shadow-md"> <h2 class="text-2xl font-bold text-gray-800 mb-4">System Overview</h2> <p class="text-gray-600 mb-6">This application provides an interactive exploration of a Python-based SOAR engine. The engine is designed to automate security response workflows by ingesting trigger events and executing predefined playbooks. It is built on a modern, robust tech stack to ensure reliability and scalability.</p> <div class="grid grid-cols-1 md:grid-cols-3 gap-6 text-center"> <div class="bg-gray-100 p-6 rounded-lg"> <h3 class="text-lg font-semibold text-gray-700">FastAPI</h3> <p class="text-gray-600 mt-2">Provides the high-performance API layer for ingesting events and managing playbooks.</p> </div> <div class="bg-gray-100 p-6 rounded-lg"> <h3 class="text-lg font-semibold text-gray-700">SQLAlchemy</h3> <p class="text-gray-600 mt-2">Manages the database schema and interactions, persisting all events, playbooks, and execution logs.</p> </div> <div class="bg-gray-100 p-6 rounded-lg"> <h3 class="text-lg font-semibold text-gray-700">Jinja2</h3> <p class="text-gray-600 mt-2">Powers the dynamic playbook execution, allowing actions to be customized with data from the trigger event.</p> </div> </div> <div class="mt-8"> <h3 class="text-xl font-bold text-gray-800 mb-4 text-center">Sample Playbook Composition</h3> <p class="text-gray-600 mb-4 text-center">This chart breaks down the components of the sample playbook used in the interactive demo. It gives a quick quantitative sense of a typical playbook's structure.</p> <div class="chart-container"> <canvas id="playbookChart"></canvas> </div> </div> </div> </div> <div id="models" class="tab-content hidden"> <div class="bg-white p-8 rounded-xl shadow-md"> <h2 class="text-2xl font-bold text-gray-800 mb-2">Database Schema</h2> <p class="text-gray-600 mb-6 text-center">The database is the core of the SOAR engine, storing the state of all operations. Below is a visual representation of the three main tables and their relationships. This structure allows us to track incoming security events, the playbooks designed to respond to them, and a detailed log of every execution.</p> <div class="grid grid-cols-1 lg:grid-cols-3 gap-8"> <div class="border border-gray-200 rounded-lg p-6 bg-gray-50"> <h3 class="text-xl font-semibold text-blue-600">TriggerEvent</h3> <p class="text-sm text-gray-500 mb-4">Represents an incoming security alert.</p> <ul class="space-y-2 text-gray-700"> <li><strong>id:</strong> Integer (PK)</li> <li><strong>event_id:</strong> String</li> <li><strong>host:</strong> String</li> <li><strong>host_id:</strong> String</li> <li><strong>source_ip:</strong> String</li> <li><strong>log:</strong> JSON</li> <li><strong>severity:</strong> String</li> <li><strong>timestamp:</strong> DateTime</li> </ul> </div> <div class="border border-gray-200 rounded-lg p-6 bg-gray-50"> <h3 class="text-xl font-semibold text-green-600">Playbook</h3> <p class="text-sm text-gray-500 mb-4">Defines the automated response workflow.</p> <ul class="space-y-2 text-gray-700"> <li><strong>id:</strong> String (PK)</li> <li><strong>name:</strong> String</li> <li><strong>description:</strong> Text</li> <li><strong>tags:</strong> JSON</li> <li><strong>trigger_type:</strong> String</li> <li><strong>trigger_condition:</strong> Text</li> <li><strong>steps:</strong> JSON</li> </ul> </div> <div class="border border-gray-200 rounded-lg p-6 bg-gray-50"> <h3 class="text-xl font-semibold text-purple-600">PlaybookExecution</h3> <p class="text-sm text-gray-500 mb-4">Logs a specific run of a Playbook.</p> <ul class="space-y-2 text-gray-700"> <li><strong>id:</strong> Integer (PK)</li> <li class="text-blue-600"><strong>playbook_id:</strong> String (FK -> Playbook)</li> <li class="text-green-600"><strong>trigger_event_id:</strong> Integer (FK -> TriggerEvent)</li> <li><strong>status:</strong> String</li> <li><strong>started_at:</strong> DateTime</li> <li><strong>completed_at:</strong> DateTime</li> </ul> </div> </div> </div> </div> <div id="workflow" class="tab-content hidden"> <div class="bg-white p-8 rounded-xl shadow-md"> <h2 class="text-2xl font-bold text-gray-800 mb-2">Playbook Execution Flow</h2> <p class="text-gray-600 mb-8 text-center">This section demonstrates the core logic of the SOAR engine. A trigger event initiates a playbook, which proceeds through several automated steps. <strong>Click on any step</strong> in the workflow diagram below to see how the Jinja2 templating engine dynamically populates action parameters using data from the trigger event.</p> <div class="lg:flex lg:gap-8"> <div class="flex-shrink-0 lg:w-1/3"> <div id="trigger-event-box" class="step-interactive border-2 border-dashed border-yellow-400 bg-yellow-50 rounded-lg p-4 text-center cursor-pointer"> <h4 class="font-bold text-yellow-800">1. Trigger Event</h4> <p class="text-sm text-yellow-700">Credential Dumping Detected</p> </div> <div class="h-10 arrow"></div> <div id="condition-check-box" class="step-interactive border-2 border-gray-300 bg-gray-100 rounded-lg p-4 text-center cursor-pointer"> <h4 class="font-bold">2. Condition Check</h4> <p class="text-sm text-gray-600">`event.log.source == "Security"`</p> </div> <div class="h-10 arrow"></div> <div id="action-step-1" class="step-interactive border-2 border-transparent bg-blue-100 rounded-lg p-4 mb-4 text-center cursor-pointer"> <h4 class="font-bold text-blue-800">Step A: Notify Analyst</h4> </div> <div id="action-step-2" class="step-interactive border-2 border-transparent bg-red-100 rounded-lg p-4 mb-4 text-center cursor-pointer"> <h4 class="font-bold text-red-800">Step B: Isolate Host</h4> </div> <div id="action-step-3" class="step-interactive border-2 border-transparent bg-purple-100 rounded-lg p-4 text-center cursor-pointer"> <h4 class="font-bold text-purple-800">Step C: Create Ticket</h4> </div> </div> <div class="flex-grow mt-8 lg:mt-0"> <div id="details-pane" class="bg-gray-800 rounded-lg p-6 h-full"> <div id="details-initial" class="text-gray-400 text-center flex flex-col justify-center h-full"> <p class="text-lg">Select a step from the workflow to see details.</p> </div> <div id="details-content" class="hidden"> <h3 id="details-title" class="text-xl font-bold text-white mb-4"></h3> <h4 class="text-md font-semibold text-gray-300 mt-4 mb-2">Original Parameters (from Playbook)</h4> <pre id="details-params" class="code-block p-4 rounded-md text-sm whitespace-pre-wrap"></pre> <h4 class="text-md font-semibold text-gray-300 mt-4 mb-2">Rendered Parameters (with Event Data)</h4> <pre id="details-rendered" class="code-block bg-green-900/50 border border-green-500 p-4 rounded-md text-sm whitespace-pre-wrap"></pre> </div> </div> </div> </div> </div> </div> <div id="api" class="tab-content hidden"> <div class="bg-white p-8 rounded-xl shadow-md"> <h2 class="text-2xl font-bold text-gray-800 mb-2">API Endpoints</h2> <p class="text-gray-600 mb-8 text-center">The engine exposes two primary FastAPI endpoints. One for loading new YAML-based playbooks into the system, and another for submitting trigger events to initiate an automated response.</p> <div class="mb-8"> <h3 class="text-xl font-semibold mb-2">POST `/load_playbook/`</h3> <p class="text-gray-600 mb-4">Accepts a raw YAML string in the request body to load and cache a new playbook.</p> <h4 class="text-md font-semibold text-gray-700 mb-2">Example Request Body:</h4> <div class="relative"> <pre id="api-load-body" class="code-block p-4 rounded-md text-sm overflow-x-auto">id: test-playbook-001 name: Test Credential Dumping Response ... steps: - name: Alert Analyst action: notify ... </pre> <button onclick="copyToClipboard('api-load-body')" class="absolute top-2 right-2 bg-gray-600 hover:bg-gray-500 text-white text-xs font-semibold py-1 px-2 rounded">Copy</button> </div> </div> <div> <h3 class="text-xl font-semibold mb-2">POST `/trigger_event/`</h3> <p class="text-gray-600 mb-4">Accepts a JSON object representing a security event, which then triggers the corresponding playbook.</p> <h4 class="text-md font-semibold text-gray-700 mb-2">Example Request Body:</h4> <div class="relative"> <pre id="api-trigger-body" class="code-block p-4 rounded-md text-sm overflow-x-auto">{ "event_id": "evt_12345", "host": "WIN-SERVER-01", "host_id": "host_12345", "playbook_id": "test-playbook-001", "log": { "source": "Security", ... } } </pre> <button onclick="copyToClipboard('api-trigger-body')" class="absolute top-2 right-2 bg-gray-600 hover:bg-gray-500 text-white text-xs font-semibold py-1 px-2 rounded">Copy</button> </div> </div> </div> </div> </main> </div> <script> const tabs = document.querySelectorAll('.tab-button'); const contents = document.querySelectorAll('.tab-content'); tabs.forEach(tab => { tab.addEventListener('click', () => { const target = tab.getAttribute('data-tab'); tabs.forEach(t => t.classList.remove('tab-active')); tab.classList.add('tab-active'); contents.forEach(content => { if (content.id === target) { content.classList.remove('hidden'); } else { content.classList.add('hidden'); } }); }); }); const playbookData = { trigger: { name: "Trigger Event", description: "Credential Dumping Detected", params: { event_id: "evt_12345", host: "WIN-SERVER-01", host_id: "host_12345", source_ip: "192.168.1.100", log: { source: "Security", event_id: 4688, message: "sekurlsa::logonpasswords detected" }, severity: "high" } }, condition: { name: "Condition Check", description: "`event.log.source == 'Security'`", params: { "Condition": "event.log.source == 'Security'" }, rendered: { "Result": "True" } }, steps: [ { name: "Step A: Notify Analyst", params: { channel: "{{ trigger.channel | default('soc_teams') }}", message: "Credential dumping detected on {{ event.host }}" }, rendered: { channel: "soc_teams", message: "Credential dumping detected on WIN-SERVER-01" } }, { name: "Step B: Isolate Host", params: { host_id: "{{ event.host_id }}" }, rendered: { host_id: "host_12345" } }, { name: "Step C: Create Ticket", params: { summary: "Security Incident - {{ event.host }}", severity: "{{ event.severity | default('high') }}" }, rendered: { summary: "Security Incident - WIN-SERVER-01", severity: "high" } } ] }; const detailsInitial = document.getElementById('details-initial'); const detailsContent = document.getElementById('details-content'); const detailsTitle = document.getElementById('details-title'); const detailsParams = document.getElementById('details-params'); const detailsRendered = document.getElementById('details-rendered'); const workflowSteps = document.querySelectorAll('.step-interactive'); function updateDetails(data) { detailsInitial.classList.add('hidden'); detailsContent.classList.remove('hidden'); detailsTitle.textContent = data.name; detailsParams.textContent = JSON.stringify(data.params, null, 2); detailsRendered.textContent = JSON.stringify(data.rendered, null, 2); } function highlightStep(selectedElement) { workflowSteps.forEach(step => step.classList.remove('step-selected')); selectedElement.classList.add('step-selected'); } document.getElementById('trigger-event-box').addEventListener('click', (e) => { const data = { name: playbookData.trigger.name, params: { "Description": playbookData.trigger.description }, rendered: playbookData.trigger.params } updateDetails(data); highlightStep(e.currentTarget); }); document.getElementById('condition-check-box').addEventListener('click', (e) => { updateDetails(playbookData.condition); highlightStep(e.currentTarget); }); document.getElementById('action-step-1').addEventListener('click', (e) => { updateDetails(playbookData.steps[0]); highlightStep(e.currentTarget); }); document.getElementById('action-step-2').addEventListener('click', (e) => { updateDetails(playbookData.steps[1]); highlightStep(e.currentTarget); }); document.getElementById('action-step-3').addEventListener('click', (e) => { updateDetails(playbookData.steps[2]); highlightStep(e.currentTarget); }); function copyToClipboard(elementId) { const text = document.getElementById(elementId).innerText; const textarea = document.createElement('textarea'); textarea.value = text; document.body.appendChild(textarea); textarea.select(); document.execCommand('copy'); document.body.removeChild(textarea); } const ctx = document.getElementById('playbookChart').getContext('2d'); const playbookChart = new Chart(ctx, { type: 'bar', data: { labels: ['Triggers', 'Conditions', 'Action Steps'], datasets: [{ label: 'Number of Components', data: [1, 1, 3], backgroundColor: [ 'rgba(251, 191, 36, 0.6)', 'rgba(209, 213, 219, 0.6)', 'rgba(99, 102, 241, 0.6)' ], borderColor: [ 'rgba(251, 191, 36, 1)', 'rgba(156, 163, 175, 1)', 'rgba(99, 102, 241, 1)' ], borderWidth: 1 }] }, options: { responsive: true, maintainAspectRatio: false, scales: { y: { beginAtZero: true, ticks: { stepSize: 1 } } }, plugins: { legend: { display: false } } } }); </script> </body> </html>